ON THIS PAGE
Example: Configuring an EVPN with IRB Solution on EX9200 Switches
This example shows how to configure an integrated routing and bridging (IRB) solution in an Ethernet VPN (EVPN) deployment.
Requirements
This example uses the following hardware and software components:
Two EX9200 switches configured as PE routers
Junos OS Release 14.2 or later running on all the PE routers
Before you begin:
Configure the switch interfaces.
Configure OSPF or any other IGP protocol.
Configure BGP.
Configure LDP.
Configure MPLS.
Overview
In an EVPN solution, multiple VLANs can be defined within a particular EVPN instance, and one or more EVPN instances can be associated with a single Layer 3 VPN VRF. In general, each data center tenant is assigned a unique Layer 3 VPN virtual route forwarding (VRF), although the tenant can comprise one or more EVPN instances or VLANs per EVPN instance.
To support this flexibility and scalability factor, the EVPN solution provides support for the IRB interfaces on EX9200 switches to facilitate optimal Layer 2 and Layer 3 forwarding along with virtual machine mobility. The IRB interfaces are configured on each configured VLAN including the default VLAN for an EVPN instance.
IRB is the ability to do Layer 2 switching and Layer 3 routing within a single node, thus avoiding extra hops for inter-subnet traffic. The EVPN IRB solution eliminates the default gateway problem using the gateway MAC and IP synchronization, and avoids the triangular routing problem with Layer 3 interworking by creating IP host routes for virtual machines (VMs) in the tenant VRFs.
Configuration
Procedure
CLI Quick Configuration
To quickly configure this example, copy the following commands,
paste them into a text file, remove any line breaks, change any details
necessary to match your network configuration, and then copy and paste
the commands into the CLI at the [edit] hierarchy level.
CE1
set interfaces ge-1/1/7 vlan-tagging set interfaces ge-1/1/7 unit 0 vlan-id 10 set interfaces ge-1/1/7 unit 0 family inet address 10.0.0.1/24 set routing-options static route 198.51.100.0/24 next-hop 10.0.0.251
PE1
set interfaces ge-1/0/8 unit 0 family inet address 192.0.2.1/24 set interfaces ge-1/0/8 unit 0 family mpls set interfaces ge-1/1/8 flexible-vlan-tagging set interfaces ge-1/1/8 encapsulation flexible-ethernet-services set interfaces ge-1/1/8 unit 0 encapsulation vlan-bridge set interfaces ge-1/1/8 unit 0 vlan-id 10 set interfaces irb unit 0 family inet address 10.0.0.251/24 set interfaces lo0 unit 0 family inet address 203.0.113.1/32 set routing-options router-id 203.0.113.1 set routing-options autonomous-system 100 set routing-options forwarding-table chained-composite-next-hop ingress evpn set protocols ldp interface all set protocols ldp interface fxp0.0 disable set protocols mpls interface all set protocols mpls interface fxp0.0 disable set protocols bgp group ibgp type internal set protocols bgp group ibgp local-address 203.0.113.1 set protocols bgp group ibgp family evpn signaling set protocols bgp group ibgp neighbor 203.0.113.2 set protocols ospf area 0.0.0.0 interface all set protocols ospf area 0.0.0.0 interface fxp0.0 disable set routing-instances evpna instance-type evpn set routing-instances evpna vlan-id 10 set routing-instances evpna interface ge-1/1/8.0 set routing-instances evpna l3-interface irb.0 set routing-instances evpna route-distinguisher 203.0.113.1:100 set routing-instances evpna vrf-target target:100:100 set routing-instances evpna protocols evpn interface ge-1/1/8.0 set routing-instances vrf instance-type vrf set routing-instances vrf interface irb.0 set routing-instances vrf route-distinguisher 203.0.113.1:300 set routing-instances vrf vrf-target target:100:300 set routing-instances vrf vrf-table-label
PE2
set interfaces ge-2/0/8 unit 0 family inet address 192.0.2.2/24 set interfaces ge-2/0/8 unit 0 family mpls set interfaces ge-2/1/8 flexible-vlan-tagging set interfaces ge-2/1/8 encapsulation flexible-ethernet-services set interfaces ge-2/1/8 unit 0 encapsulation vlan-bridge set interfaces ge-2/1/8 unit 0 vlan-id 20 set interfaces irb unit 0 family inet address 198.51.100.251/24 set interfaces lo0 unit 0 family inet address 203.0.113.2/32 set routing-options router-id 203.0.113.2 set routing-options autonomous-system 100 set routing-options forwarding-table chained-composite-next-hop ingress evpn set protocols ldp interface all set protocols ldp interface fxp0.0 disable set protocols mpls interface all set protocols mpls interface fxp0.0 disable set protocols bgp group ibgp type internal set protocols bgp group ibgp local-address 203.0.113.2 set protocols bgp group ibgp family evpn signaling set protocols bgp group ibgp neighbor 203.0.113.1 set protocols ospf area 0.0.0.0 interface all set protocols ospf area 0.0.0.0 interface fxp0.0 disable set routing-instances evpna instance-type evpn set routing-instances evpna vlan-id 20 set routing-instances evpna interface ge-2/1/8.0 set routing-instances evpna l3-interface irb.0 set routing-instances evpna route-distinguisher 203.0.113.2:100 set routing-instances evpna vrf-target target:200:100 set routing-instances evpna protocols evpn interface ge-2/1/8.0 set routing-instances vrf instance-type vrf set routing-instances vrf interface irb.0 set routing-instances vrf route-distinguisher 203.0.113.2:300 set routing-instances vrf vrf-target target:200:300 set routing-instances vrf vrf-table-label
CE2
set interfaces ge-2/1/7 unit 0 vlan-id 20 set interfaces ge-2/1/7 unit 0 family inet address 198.51.100.2/24 set routing-options static route 10.0.0.0/24 next-hop 198.51.100.251
Step-by-Step Procedure
The following example requires you to navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Using the CLI Editor in Configuration Mode.
To configure Router PE1:
Repeat this procedure for Router PE2, after modifying the appropriate interface names, addresses, and other parameters.
Configure Router PE1 interfaces.
[edit interfaces]user@PE1# set ge-1/0/8 unit 0 family inet address 192.0.2.1/24 user@PE1# set ge-1/0/8 unit 0 family mpls user@PE1# set ge-1/1/8 flexible-vlan-tagging user@PE1# set ge-1/1/8 encapsulation flexible-ethernet-services user@PE1# set ge-1/1/8 unit 0 encapsulation vlan-bridge user@PE1# set ge-1/1/8 unit 0 vlan-id 10 user@PE1# set irb unit 0 family inet address 10.0.0.251/24 user@PE1# set lo0 unit 0 family inet address 203.0.113.1/32Set the router ID and autonomous system number for Router PE1.
[edit routing-options]user@PE1# set router-id 203.0.113.1 user@PE1# set autonomous-system 100Configure the chained composite next hop for EVPN.
[edit routing-options]user@PE1# set forwarding-table chained-composite-next-hop ingress evpnEnable LDP on all interfaces of Router PE1, excluding the management interface.
[edit protocols]user@PE1# set ldp interface all user@PE1# set ldp interface fxp0.0 disableEnable MPLS on all the interfaces of Router PE1, excluding the management interface.
[edit protocols]user@PE1# set mpls interface all user@PE1# set mpls mpls interface fxp0.0 disableConfigure the BGP group for Router PE1.
[edit protocols]user@PE1# set bgp group ibgp type internalAssign local and neighbor addresses to the ibgp BGP group for Router PE1 to peer with Router PE2.
[edit protocols]user@PE1# set bgp group ibgp local-address 203.0.113.1 user@PE1# set bgp group ibgp neighbor 203.0.113.2Include the EVPN signaling Network Layer Reachability Information (NLRI) to the ibgp BGP group.
[edit protocols]user@PE1# set bgp group ibgp family evpn signalingConfigure OSPF on all the interfaces of Router PE1, excluding the management interface.
[edit protocols]user@PE1# set ospf area 0.0.0.0 interface all user@PE1# set ospf area 0.0.0.0 interface fxp0.0 disableConfigure the EVPN routing instance.
[edit routing-instances] user@PE1# set evpna instance-type evpn
Set the VLAN identifier for the bridging domain in the evpna routing instance.
[edit routing-instances] user@PE1# set evpna vlan-id 10
Configure the interface name for the evpna routing instance.
[edit routing-instances] user@PE1# set evpna interface ge-1/1/8.0
Configure the IRB interface as the routing interface for the evpna routing instance.
[edit routing-instances] user@PE1# set evpna l3-interface irb.0
Configure the route distinguisher for the evpna routing instance.
[edit routing-instances] user@PE1# set evpna route-distinguisher 203.0.113.1:100
Configure the VPN routing and forwarding (VRF) target community for the evpna routing instance.
[edit routing-instances] user@PE1# set evpna vrf-target target:100:100
Assign the interface name that connects the PE1 site to the VPN.
[edit routing-instances] user@PE1# set evpna protocols evpn interface ge-1/1/8.0
Configure the VRF routing instance.
[edit routing-instances] user@PE1# set vrf instance-type vrf
Configure the IRB interface as the routing interface for the vrf routing instance.
[edit routing-instances] user@PE1# set vrf interface irb.0
Configure the route distinguisher for the vrf routing instancee.
[edit routing-instances] user@PE1# set vrf route-distinguisher 203.0.113.1:300
Configure the VRF label for the vrf routing instance.
[edit routing-instances] user@PE1# set vrf vrf-table-label
Results
From configuration mode, confirm your configuration
by entering the show interfaces, show routing-options, show protocols, and show routing-instances commands. If the output does not display the intended configuration,
repeat the instructions in this example to correct the configuration.
user@PE1# show interfaces
ge-1/0/8 {
unit 0 {
family inet {
address 192.0.2.1/24;
}
family mpls;
}
}
ge-1/1/8 {
flexible-vlan-tagging;
encapsulation flexible-ethernet-services;
unit 0 {
encapsulation vlan-bridge;
vlan-id 10;
}
}
irb {
unit 0 {
family inet {
address 10.0.0.251/24;
}
}
}
lo0 {
unit 0 {
family inet {
address 203.0.113.1/32 {
}
}
}
}
user@PE1# show routing-options
router-id 203.0.113.1;
autonomous-system 100;
forwarding-table {
chained-composite-next-hop {
ingress {
evpn;
}
}
}
user@PE1# show protocols
ldp {
interface all;
interface fxp0.0 {
disable;
}
}
mpls {
interface all;
interface fxp0.0 {
disable;
}
}
bgp {
group ibgp {
type internal;
local-address 203.0.113.1;
family evpn {
signaling;
}
neighbor 203.0.113.2;
}
}
ospf {
area 0.0.0.0 {
interface all;
interface fxp0.0 {
disable;
}
}
}
user@PE1# show routing-instances
evpna {
instance-type evpn;
vlan-id 10;
interface ge-1/1/8.0;
l3-interface irb.0;
route-distinguisher 203.0.113.1:100;
vrf-target target:100:100;
protocols {
evpn {
interface ge-1/1/8.0;
}
}
}
vrf {
instance-type vrf;
interface irb.0;
route-distinguisher 203.0.113.1:300;
vrf-target target:100:300;
vrf-table-label;
}
Verification
Confirm that the configuration is working properly.
- Verifying Local IRB MACs
- Verifying Remote IRB MACs
- Verifying Local IRB IPs
- Verifying Remote IRB IPs
- Verifying CE-CE Inter-Subnet Forwarding
Verifying Local IRB MACs
Purpose
Verify that the local IRB MACs are learned from L2ALD.
Action
On Router PE1, determine the MAC address of the local IRB interface.
From operational mode, run the show interfaces
irb extensive | match "Current address" command.
user@PE1> show interfaces irb extensive | match "Current address" Current address: a8:d0:e5:54:0d:10, Hardware address: a8:d0:e5:54:0d:10
From operational mode, run the show route table
evpna.evpn.0 extensive | find "a8:d0:e5:54:0d:10" command.
user@PE1> show route table evpna.evpn.0 extensive
| find "a8:d0:e5:54:0d:10"
2:10.255.0.1:100::0::100::a8:d0:e5:54:0d:10/384 (1 entry, 1 announced)
TSI:
Page 0 idx 0, (group PE type Internal) Type 1 val 0x2736568 (adv_entry)
Advertised metrics:
Flags: Nexthop Change
Nexthop: Self
Localpref: 100
AS path: [100] I
Communities: target:100:100 evpn-default-gateway
Path 2:10.255.0.1:100::0::100::a8:d0:e5:54:0d:10 Vector len 4. Val: 0
*EVPN Preference: 170
Next hop type: Indirect
Address: 0x26f8354
Next-hop reference count: 6
Protocol next hop: 10.255.0.1
Indirect next hop: 0x0 - INH Session ID: 0x0
State: <Active Int Ext>
Age: 23:29:08
Validation State: unverified
Task: evpna-evpn
Announcement bits (1): 1-BGP_RT_Background
AS path: I
Communities: evpn-default-gateway
Route Label: 299776Meaning
The MAC-only route for the local IRB interface appears in the EVPN instance route table on Router PE1 and is learned from EVPN and tagged with the default gateway extended community.
Verifying Remote IRB MACs
Purpose
Verify that the remote IRB MACs are learned from BGP.
Action
On Router PE1, determine the MAC address of the local IRB interface.
From operational mode, run the show interfaces
irb extensive | match "Current address" command.
user@PE1> show interfaces irb extensive | match "Current address" Current address: a8:d0:e5:54:0d:10, Hardware address: a8:d0:e5:54:0d:10
On Router PE2, verify that the remote IRB MACs are learned.
From operational mode, run the show route table
evpna.evpn.0 extensive | find "a8:d0:e5:54:0d:10" command.
user@PE2> show route table evpna.evpn.0 extensive
| find "a8:d0:e5:54:0d:10"
2:10.255.0.1:100::0::100::a8:d0:e5:54:0d:10/384 (1 entry, 1 announced)
*BGP Preference: 170/-101
Route Distinguisher: 2.91.223.24:100
Next hop type: Indirect
Address: 0x26f8d6c
Next-hop reference count: 10
Source: 10.255.0.1
Protocol next hop: 10.255.0.1
Indirect next hop: 0x2 no-forward INH Session ID: 0x0
State: <Secondary Active Int Ext>
Local AS: 100 Peer AS: 100
Age: 23:22:17 Metric2: 1
Validation State: unverified
Task: BGP_100.10.255.0.1
Announcement bits (1): 0-evpna-evpn
AS path: I
Communities: target:100:100 evpn-default-gateway
Import Accepted
Route Label: 299776
Localpref: 100
Router ID: 10.255.0.1
Primary Routing Table bgp.evpn.0
Indirect next hops: 1
Protocol next hop: 10.255.0.1 Metric: 1
Indirect next hop: 0x2 no-forward INH Session ID: 0x0
Indirect path forwarding next hops: 1
Next hop type: Router
Next hop: 1.0.0.1 via ge-1/0/8.0
Session Id: 0x1
10.255.0.1/32 Originating RIB: inet.3
Metric: 1 Node path count: 1
Forwarding nexthops: 1
Nexthop: 1.0.0.1 via ge-1/0/8.0
Meaning
The MAC-only route for the remote IRB interface appears in the EVPN instance route table on Router PE2 and is learned from BGP and tagged with the default gateway extended community.
Verifying Local IRB IPs
Purpose
Verify that the local IRB IPs are learned locally by RPD.
Action
On Router PE1, determine the MAC and IP addresses of the local IRB interface.
From operational mode, run the show interfaces
irb extensive | match "Current address" command.
user@PE1> show interfaces irb extensive | match "Current address" Current address: a8:d0:e5:54:0d:10, Hardware address: a8:d0:e5:54:0d:10
From operational mode, run the show interfaces
irb.0 terse | match inet command.
user@PE1> show interfaces irb.0 terse | match inet irb.0 up up inet 10.0.0.251/24
From operational mode, run the show route table
evpna.evpn.0 extensive | find "a8:d0:e5:54:0d:10::10.0.0.251" command.
user@PE2> show route table evpna.evpn.0 extensive
| find "a8:d0:e5:54:0d:10::10.0.0.251"
2:10.255.0.1:100::0::100::a8:d0:e5:54:0d:10::10.0.0.251/384 (1 entry, 1 announced)
TSI:
Page 0 idx 0, (group PE type Internal) Type 1 val 0x27365a0 (adv_entry)
Advertised metrics:
Flags: Nexthop Change
Nexthop: Self
Localpref: 100
AS path: [100] I
Communities: target:100:100 evpn-default-gateway
Path 2:10.255.0.1:100::0::100::a8:d0:e5:54:0d:10::10.0.0.251 Vector len 4. Val: 0
*EVPN Preference: 170 <<<<<
Next hop type: Indirect
Address: 0x26f8354
Next-hop reference count: 6
Protocol next hop: 10.255.0.1
Indirect next hop: 0x0 - INH Session ID: 0x0
State: <Active Int Ext>
Age: 23:48:46
Validation State: unverified
Task: evpna-evpn
Announcement bits (1): 1-BGP_RT_Background
AS path: I
Communities: evpn-default-gateway
Route Label: 299776
Meaning
The MAC plus IP route for the local IRB interface appears in the EVPN instance route table on Router PE1 and is learned from EVPN and tagged with the default gateway extended community.
Verifying Remote IRB IPs
Purpose
Verify that the remote IRB IPs are learned from BGP.
Action
On Router PE1, determine the MAC and IP addresses of the local IRB interface.
From operational mode, run the show interfaces
irb extensive | match "Current address" command.
user@PE1> show interfaces irb extensive | match "Current address" Current address: a8:d0:e5:54:0d:10, Hardware address: a8:d0:e5:54:0d:10
From operational mode, run the show interfaces
irb.0 terse | match inet command.
user@PE1> show interfaces irb.0 terse | match inet irb.0 up up inet 10.0.0.251/24
On Router PE2, verify that the remote IRB IPs are learnt.
From operational mode, run the show route table
evpna.evpn.0 extensive | find "a8:d0:e5:54:0d:10::10.0.0.251" command.
user@PE2> show route table evpna.evpn.0 extensive
| find "a8:d0:e5:54:0d:10::10.0.0.251"
2:10.255.0.1:100::0::100::a8:d0:e5:54:0d:10::10.0.0.251/384 (1 entry, 1 announced)
*BGP Preference: 170/-101
Route Distinguisher: 2.91.223.216:100
Next hop type: Indirect
Address: 0x26f8d6c
Next-hop reference count: 10
Source: 10.255.0.1
Protocol next hop: 10.255.0.1
Indirect next hop: 0x2 no-forward INH Session ID: 0x0
State: <Secondary Active Int Ext>
Local AS: 100 Peer AS: 100
Age: 23:56:36 Metric2: 1
Validation State: unverified
Task: BGP_100.10.255.0.1
Announcement bits (1): 0-evpna-evpn
AS path: I
Communities: target:100:100 evpn-default-gateway
Import Accepted
Route Label: 299776
Localpref: 100
Router ID: 10.255.0.1
Primary Routing Table bgp.evpn.0
Indirect next hops: 1
Protocol next hop: 10.255.0.1 Metric: 1
Indirect next hop: 0x2 no-forward INH Session ID: 0x0
Indirect path forwarding next hops: 1
Next hop type: Router
Next hop: 1.0.0.1 via ge-1/0/8.0
Session Id: 0x1
10.255.0.1/32 Originating RIB: inet.3
Metric: 1 Node path count: 1
Forwarding nexthops: 1
Nexthop: 1.0.0.1 via ge-1/0/8.0
Meaning
The MAC plus IP route for the remote IRB interface appears in the EVPN instance route table on Router PE2 and is tagged with the default gateway extended community.
Verifying CE-CE Inter-Subnet Forwarding
Purpose
Verify inter-subnet forwarding between Routers CE1 and CE2.
Action
From operational mode, run the show route table
inet.0 command.
user@CE1> show route table inet.0
inet.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
0.0.0.0/0 *[Static/5] 00:15:09
> to 10.0.0.251 via ge-1/1/7.0
10.0.0.0/24 *[Direct/0] 1d 23:24:30
> via ge-1/1/7.0
10.0.0.1/32 *[Local/0] 1d 23:24:38
Local via ge-1/1/7.0
From operational mode, run the ping command.
user@CE1> ping 198.51.100.2 interval 0.1 count 10 PING 198.51.100.2 (20.0.0.2): 56 data bytes 64 bytes from 198.51.100.2: icmp_seq=0 ttl=63 time=0.919 ms 64 bytes from 198.51.100.2: icmp_seq=1 ttl=63 time=0.727 ms 64 bytes from 198.51.100.2: icmp_seq=2 ttl=63 time=0.671 ms 64 bytes from 198.51.100.2: icmp_seq=3 ttl=63 time=0.671 ms 64 bytes from 198.51.100.2: icmp_seq=4 ttl=63 time=0.666 ms 64 bytes from 198.51.100.2: icmp_seq=5 ttl=63 time=0.704 ms 64 bytes from 198.51.100.2: icmp_seq=6 ttl=63 time=0.763 ms 64 bytes from 198.51.100.2: icmp_seq=7 ttl=63 time=0.750 ms 64 bytes from 198.51.100.2: icmp_seq=8 ttl=63 time=12.967 ms 64 bytes from 198.51.100.2: icmp_seq=9 ttl=63 time=0.752 ms --- 198.51.100.2 ping statistics --- 10 packets transmitted, 10 packets received, 0% packet loss round-trip min/avg/max/stddev = 0.666/1.959/12.967/3.670 ms
Meaning
Ping from Router CE1 to Router CE2 is successful.